Evaluation of user's behaviours handling computer security incident in financial institution in Klang Valley

Abstract

Computer security incident is any activities or events that potentially harm the computer systems or networks. These activities could be due to various vulnerabilities and threats either intentionally or unintentionally attempted such as unauthorized actions in a computer system, hardware or software failure, denial of service attempts and other events that could be threatens the computer system. As computer security incident cannot fully avoided or mitigated, organizations should have a procedure in handling such incidents to mitigate the incident, control the situation during the incident or recover the system affected by the incident. This study has been conducted to identify the components of user’s behaviors in handling computer security incident. Here we found six components of user’s behaviors in handling computer security incident which are aware of assurance, responsibility, perceived skills and knowledge, general security orientation, motivation and perceived barriers. An analysis of these behaviors has been done which covered the 13 financial institutions in Klang Valley. The result of analysis shows more than half of users are agree with all these components of users’ behaviors in handling computer security incident except for perceived skills and knowledge. The study shown that most of users are concern with the common information security practices and sharing the detected problem with others by seeking assistance with other colleagues. However, the users are not really care with the security practices in handling computer security incident which need their effort technically. Therefore, the organizations need to note this issue to find appropriate solution